Had Exploit:Java/CVE-2012-4681, don't think it's all gone


I run Avast free and Malwarebytes free. I also have Windows Firewall and Malwarebytes Anti-Exploit, neither of which will run now. It started with telling me my mouse dll file was gone and then turning off the firewall and the MBAE and then telling me some COM file was gone and not allowing me to search within Microsoft Outlook. If I try to go to Microsoft Security Scanner after I Google it, it just clicks and clicks so I downloaded it onto a CD from another computer and booted this one from the CD. That found the Exploit malware. I still can't turn on the firewall or the MBAE or boot into Safe Mode, however, so I think there's more junk in here. I've run Malwarebytes, Avast, Windows Defender Offline, Trend Micro scan online. I think that's all I've done so far, but none of them are picking anything up.

Can someone help me? I was going to run anti rootkits, but then I read that was dangerous if you don't know what you're doing and I ONLY know enough to be dangerous :-).


Please be aware the following P2P/Piracy Warning is a standard opening reply made here at Malwarebytes, we make no accusations but do make you aware of Forum Protocol....

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here. Failure to remove or disable such software will result in your topic being closed and no further assistance being provided. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good...

Please open Malwarebytes Anti-Malware.

On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". <---- Very Important

Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button.

A Threat Scan will begin.

With some infections, you may or may not see this message box.

'Could not load DDA driver'

Click 'Yes' to this message, to allow the driver to load after a restart.

Allow the computer to restart. Continue with the rest of these instructions.

When the scan is complete, click Apply Actions.

Wait for the prompt to restart the computer to appear, then click on Yes.

After the restart once you are back at your desktop, open MBAM once more.

To get the log from Malwarebytes do the following:

Click on the History tab > Application Logs.

Double click on the scan log which shows the Date and time of the scan just performed.

Click Export > From export you have three options:

Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply

Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop", then attach to reply

Please use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…

Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Double-click to run it. When the tool opens click Yes to disclaimer. (Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)

Make sure Addition.txt is checkmarked under "Optional scans"

Press Scan button to run the tool....

It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

The tool will also make logs named Addition.txt and Shortcut.txt. Please attach those logs to your reply.

Let me see those logs in your next reply... If Malwarebytes does not run use Chameleon as follows...

As you have Malwarebytes installed, let's see if we can get it to run through its protected folder. Do the following:

Error: (01/14/2016 12:20:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18163 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

System errors:
=============
Error: (01/16/2016 12:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (01/16/2016 12:45:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (01/16/2016 12:44:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.

Error: (01/16/2016 12:44:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Malwarebytes Anti-Exploit Service service hung on starting.

Error: (01/16/2016 12:42:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (01/16/2016 12:42:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )
Description: The Windows Firewall service depends the following service: BFE. This service might not be installed.

Error: (01/16/2016 12:42:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error:
%%3

Files to move or delete:
====================
C:\Users\Patricia\hpothb07.dat

Some files in TEMP:
====================
C:\Users\Patricia\AppData\Local\Temp\439b016b4b0cce01.exe
C:\Users\Patricia\AppData\Local\Temp\ApnIC.dll
C:\Users\Patricia\AppData\Local\Temp\ApnStub.exe
C:\Users\Patricia\AppData\Local\Temp\ApnToolbarInstaller.exe
C:\Users\Patricia\AppData\Local\Temp\AskSLib.dll
C:\Users\Patricia\AppData\Local\Temp\GoogleToolbarInstaller_en32_signed.exe
C:\Users\Patricia\AppData\Local\Temp\HPInstaller.exe
C:\Users\Patricia\AppData\Local\Temp\HPPSdr.exe
C:\Users\Patricia\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Patricia\AppData\Local\Temp\jre-8u65-windows-au.exe
C:\Users\Patricia\AppData\Local\Temp\MouseKeyboardCenterx64_1033.exe
C:\Users\Patricia\AppData\Local\Temp\ose00000.exe
C:\Users\Patricia\AppData\Local\Temp\ose00001.exe
C:\Users\Patricia\AppData\Local\Temp\Package_en_ww.exe
C:\Users\Patricia\AppData\Local\Temp\sqlite3.dll
C:\Users\Patricia\AppData\Local\Temp\tmp479D.exe
C:\Users\Patricia\AppData\Local\Temp\{3DA0AD17-92CA-42F0-9864-C227084CEF71}-43.0.2357.134_43.0.2357.132_chrome_updater.exe

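The Service Control Manager errors in the log above mostly trace back to one missing dependency, BFE, which the Windows Firewall and the other listed services need before they can start. The following Python is an added example, not part of the original thread and not FRST or Malwarebytes code: it groups such entries by root cause, using sample text constructed from the lines quoted above and hypothetical names (`triage`, `ENTRY`, `DEPENDS`, `FAILED`, `HUNG`).

```python
import re
from collections import defaultdict

# Constructed sample: Service Control Manager errors as quoted in the thread.
# Some entries are run together on one line, as they appear in pasted logs.
SAMPLE_LOG = """\
Error: (01/14/2016 12:20:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.18163 stopped interacting with Windows and was closed.
Error: (01/16/2016 12:47:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2
Error: (01/16/2016 12:45:01 PM) (Source: Service Control Manager) (EventID: 7003) (User: )Description: The MBAMWebAccessControl service depends the following service: BFE. This service might not be installed.
Error: (01/16/2016 12:44:56 PM) (Source: Service Control Manager) (EventID: 7022) (User: )Description: The Malwarebytes Anti-Exploit Service service hung on starting.
Error: (01/16/2016 12:42:56 PM) (Source: Service Control Manager) (EventID: 7003) (User: )Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
Error: (01/16/2016 12:42:50 PM) (Source: Service Control Manager) (EventID: 7003) (User: )Description: The Windows Firewall service depends the following service: BFE. This service might not be installed.
Error: (01/16/2016 12:42:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The Print Spooler service failed to start due to the following error:%%3
"""

# Win32 error codes that event 7000 prints as %%N.
WIN32_ERRORS = {"2": "ERROR_FILE_NOT_FOUND", "3": "ERROR_PATH_NOT_FOUND"}

ENTRY = re.compile(
    r"Error: \([^)]+\) \(Source: (?P<source>[^)]+)\) \(EventID: (?P<eid>\d+)\) "
    r"\(User: [^)]*\)\s*Description: (?P<desc>.*?)(?=Error: \(|\Z)", re.S)
DEPENDS = re.compile(r"The (.+?) service depends (?:on )?the following service: (\S+?)\.\s")
FAILED = re.compile(r"The (.+?) service failed to start due to the following error:\s*%%(\d+)")
HUNG = re.compile(r"The (.+?) service hung on starting")


def triage(log_text):
    """Group SCM errors by cause; tolerates entries run together on one line."""
    missing_dep, failed, hung = defaultdict(set), {}, set()
    for m in ENTRY.finditer(log_text):
        if m["source"] != "Service Control Manager":
            continue  # e.g. Application Hang entries are not service failures
        desc, eid = m["desc"], m["eid"]
        if eid == "7003" and (d := DEPENDS.search(desc)):
            missing_dep[d[2]].add(d[1])       # missing service -> dependents
        elif eid == "7000" and (f := FAILED.search(desc)):
            failed[f[1]] = WIN32_ERRORS.get(f[2], "code " + f[2])
        elif eid == "7022" and (h := HUNG.search(desc)):
            hung.add(h[1])
    return {"missing_dependency": {k: sorted(v) for k, v in missing_dep.items()},
            "failed_to_start": failed, "hung": sorted(hung)}


if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```
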

Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into. NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt) or the folder it was run from. Please post it to your reply.

Read the Terms and Conditions, the download tab is at the bottom of the page. Close all browsers before starting. Disable your antivirus program and anti-malware, if any. To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs read here: